1. more security issues
- Posted by isaac <isaaca at MINDSPRING.COM> Dec 19, 1998
- 339 views
I was going to make the suggestion that anyone who wanted to tweak the security of their euserver could just write themselves a new version of encrypt.shr, when I realized the repercussions of this. If the attacker has access to the server computer, as in your attack scenario, he could just write a new copy of encrypt.shr that looked like this: global function Decrypt(sequence in,sequence key) if compare(in,"gotcha")=0 then return key end function This would give him exclusive access to the server for a while. If he wanted something a bit more discreet, he could instead use: global function Decrypt(sequence in,sequence key) if compare(in,"gotcha")=0 then return key else return Encrypt(key) end function in which the Encrypt function is the same as it was. In fact, no matter the encryption sceme, if the attacker has access to the server source, he can break in. I haven't been able to test this attack, as I haven't been able to do anything with euserver. Here's what I did: I unzipped the zipped file into an empty directory. I ran "run.bat" a window opened saying "Active Socket Num's: 22" I ran "telnet localhost 9000" telnet opened and told me "could not open a connection with localhost" what did I do wrong? isaac
2. Re: more security issues
- Posted by Greg Phillips <i.shoot at REDNECKS.COM> Dec 19, 1998
- 340 views
isaac wrote: > I unzipped the zipped file into an empty directory. > I ran "run.bat" > a window opened saying "Active Socket Num's: 22" > I ran "telnet localhost 9000" > telnet opened and told me "could not open a connection with localhost" > > what did I do wrong? > I'm not sure, but the exact same thing happened to me, same situation, everything. Odd...hopefully someone can answer? Greg -- Greg Phillips i.shoot at rednecks.com http://euphoria.server101.com -- Useless fact of the day: Flying from London to New York by concord, due to the time zones crossed, you can arrive 2 hours before you leave.
3. Re: more security issues
- Posted by Daniel Berstein <daber at PAIR.COM> Dec 19, 1998
- 328 views
- Last edited Dec 20, 1998
At 05:42 p.m. 19-12-98 , you wrote: >isaac wrote: > >> I unzipped the zipped file into an empty directory. >> I ran "run.bat" >> a window opened saying "Active Socket Num's: 22" >> I ran "telnet localhost 9000" >> telnet opened and told me "could not open a connection with localhost" >> >> what did I do wrong? >> > >I'm not sure, but the exact same thing happened to me, same situation, >everything. Odd...hopefully someone can answer? >Greg Try with 127.0.0.1 Regards, Daniel Berstein daber at pair.com